ZTE MF286 has built-in factory backdoor allowing root shell access on embedded Linux running inside router. However since we don't know RSA-2048 private key used for encrypting device specific password we're not able to use this. Which doesn't mean we won't have other means to gain root shell.
Sunday, March 26, 2017
Thursday, March 23, 2017
Locking custom LTE bands on ZTE MF286
My ZTE MF286 is running DNA firmware version B04. It's somewhat limited in LTE band selection, but that can easily be worked around with curl.
Inside ZTE MF286 router
ZTE MF286 4G router is built around Qualcomm QCA9563 soc with 802.11bgn, QCA9882 802.11ac wlan, QCA8337 gigabit switch and MDM9230 LTE chip. There's also tempting serial port knowing all components used are already supported by LEDE (that has replaced OpenWrt).
Photos here.
Photos here.
Inside Huawei B315s-22 4G router
Huawei B315s-22 contains Huawei HiSilicon 6361 SoC, Realteak Ethernet switch and Broadcom WLAN. Not much to see, but some photos here.
Sunday, March 19, 2017
Linux SNAT with per-connection source address from IP pool
When doing NAT with pool of addresses to choose from (instead of masquerading) Linux insists on always using same IP from pool for particular source IP. Often this is preferred, but not always. To workaround we need to patch kernel a bit.
Subscribe to:
Posts (Atom)